Hello, my name is Thomas Cope and I currently work as the Chief Security Officer at Next DLP. I manage the end to end Security of our Enterprise DLP product (from design, threat model, SDLC, release and support) alongside managing the PSIRT & Product Security teams and our ISO 27001 certification. Before joining Next DLP I worked for eight years as a Cloud Cyber Security Architect at IBM while studying part-time at Oxford University for a Master’s Degree in Software and Systems Security.
I am an experienced Security Architect and Systems Engineer with a passion for designing, building and maintaining secure systems, processes and teams. I have strong experience in both Cloud and containerized (Docker / Kubernetes) platforms while working in DevSecOps environments. I enjoy programming and electronics in my spare time - you can learn more in the “Projects” sections below. I have a keen interest in Security and Cryptography. I enjoy designing and building secure systems / software as well as performing security research on pre-existing systems / software. I am CISSP Certified as well as a Redhat Linux System Engineer. I use these skills extensively at work and for the support of this server which is used to host both myself, and a friend’s projects (Server Status).
In my spare time, I am a STEM Ambassador and an Associational (MBCS) Member of the British Computer Society. I play games such as TF2, Counter-Strike, Valorant, Minecraft. Avid runner and enjoy good game of Badminton. Also enjoy Skiing when I get the chance. Feel free to drop me a line either on my Linkedin or GitHub or Youtube.
Some of my ramblings:
I presented at a local school about the benefits of a career in cybersecurity.
(Posted on 13 February 2023 · 1 min read)
I presented at Cambridge University a talk on “That’s expensively weird - a deep dive into cloud incident response”. The talk went into threat modeling, the importance of code review,…
(Posted on 07 January 2023 · 1 min read)
A Christmas themed fireside chat video reviewing the Data protection space in 2022 and predictions for 2023.
(Posted on 15 December 2022 · 1 min read)
A blog post I made about my thoughts on Data Protection within the new ISO 27001 2022 standard.
(Posted on 02 December 2022 · 1 min read)
Living document of places I’ve been quoted when asked to comment on Cyber-security News
(Posted on 01 December 2022 · 1 min read)
I attended the Cranford Community College Careers fair alongside my Colleague Robbie representing Next DLP (with the recent re-branding we were using our old “Qush” banners) to provide students with…
(Posted on 21 November 2022 · 1 min read)
I was invited to BSides Basingstoke where I presented a talk guiding the audience through my own practical security research experience developing CVE-2020-5014. I walk through the process of information…
(Posted on 15 July 2022 · 1 min read)
I presented my talk “From Zero to SSRF to RCE and back again” to the Newcastle University Competitive Computer Science Society, in the talk I explain “Ethical Hacking Journey -…
(Posted on 21 May 2022 · 1 min read)
During some security research I discovered a method in which the local user account restricted in the HMC shell could be uses to escalate privilege to root access. The post…
(Posted on 19 July 2021 · 9 mins read)
I was able to acquire a second hand IBM System x3650 M4 BD (5466). I wanted to replace the ServeRAID card with a “ServeRAID M1015 LSI 9220-8i 6GB SAS SATA…
(Posted on 28 January 2021 · 2 mins read)
During some personal security research I discovered a SSRF vulnerability in IBM Datapower which could then be upgraded to RCE. The practical upshot of which is with an authenticated session…
(Posted on 21 October 2020 · 3 mins read)
I had quite a few issues getting Riot Games new first person shooter Valorant running on my laptop. This is a brief post to cover some of the techniques I…
(Posted on 17 July 2020 · 6 mins read)
I took place in NahamCon CTF. It was a two day event but I was only able to make it for the last 1/2 of the last day. I scored…
(Posted on 13 June 2020 · 6 mins read)
During some work on a project I came across some strange behaviour on how docker handles setuid & setgid. In Linux the setuid and setgid C calls are used to…
(Posted on 20 February 2020 · 8 mins read)
In this post I would like to highlight a really old flaw with the encryption used by the zip file format. This is a known text attack based on the…
(Posted on 05 December 2019 · 4 mins read)
A while ago I had to work with a particularly frustrating application that was required to connect to a hardware appliance. Both of which will remain unnamed in this post….
(Posted on 15 November 2019 · 5 mins read)
The Oxford Competitive Computer Society hosted a Capture the Flag event which was great fun, I ranked third on the scoreboard. Below are my favorite challenges with a video of…
(Posted on 09 June 2019 · 1 min read)
A selection of my favorite projects:
I’ve always had an interest in botnets, from Mirai to Emotet, this side project is my own botnet creation used to test out new ideas and learn more about what it takes to build a botnet, how they can be taken down and how to best approach them.
This is a demonstration of a proof of concept I built to tunnel ssh traffic over web-sockets using the same system Google uses (Zero Trust) to secure SSH access. It used JWT, mTLS and OAuth. I build both a client and server application to achieve this.
I reversed engineered and created a practical demo of the the CVE-2019-6111 + CVE-2019-6110 vulnerabilities
A collection of articles I’ve read and enjoyed
I attended Oxford University for a MSc in Software and Systems Security. This page details the 3 software and 7 security modules I attended along with a explanation of my dissertation.
I would not describe myself as a photographer or the kind of chap to have an instagram, but I do enjoy taking photos, so I thought I’d put a few of my faves on here.
A REST API Game where the objective is to have the most beans by the end of the day
Details about my new PC, its specs and some cool photos!
Using the Bash Bunny from Hak5 I build payload that can determin the Host OS using p0f and then deliver the required payload
This is a demo of a new pastejacking attack using bash and command link tricks to fool the user into executing malicious code.
A custom made Arduino library to query a Minecraft server using the bespoke UDP query API.
A Arduino door lock using a Fingerprint scanner and a 7 inch touch screen.
A really simple terminal screen saver written in Golang using the tput library.
A companion application to the TSTP, that allows for openCV videos to be saved and then played back.
I recreated the functionality of a hardware encrypted memory stick (such as ‘IronKey’ or ‘Datashur’) using the Arduino micro-controller and a SD card shield.
This is the 3rd incarnation on my Sentry Tracking program. Using opencv and C++, this project dynamically scans a webcam or video feed and tracks one or more targets
One of the largest program I’ve written. A simple space shooter written in C++ using OpenGL and a custom made game engine.
A Arduino based GPS and GRSM Tracking System using a custom built library for the Maplin GSMShield. The Arduino acquires a GPS lock, reads the value and sends the data encrypted via UDP to a collection server.
A fun game to play while on a Conference Call.
A Really simple gateway script to be used on a IBM Datapower to convert XML to JSON using built in Datapower functions.
I primarily write GO / Golang day to day and shell scripting. I have experience with the below languages: